Twitter and the New York Times were hacked this week, which means that they have officially joined the ranks of other major news organizations, including the Financial Times and Washington Post who have been targeted by hackers over the past few months.
So, how’d it happen?
Three things: hacker groups, DNS providers and spear phishing.
The Syrian Electronic Army (SEA) appears to be taking credit for this attack, as their logo was prominently displayed at NYTimes.com when the site was compromised. The SEA, a hacker group, protesting Syrian President Bashar Al-Assad, launched the attack in order to generate high profile awareness of their political agenda.
Why DNS Providers Are Targeted by Cybercriminals
The nature of this attack is consistent with several other cyberattacks that have recently taken place, in that the DNS Provider was targeted in order to carry out the attack. Melbourne IT, the New York Times’ registrar, was the victim of a spear phishing attack that successfully provided members of the SEA with access to the Times’ DNS Manager. DNS providers are among the most targeted businesses by cybercriminals, ranking alongside large financial institutions and major retailers as lucrative targets. There are two primary reasons for this:
- By gaining access to a customer account, DNS records can be changed to whatever the cybercriminal wants them to be.
- Gaining access to the DNS Provider’s employee accounts gives the cybercriminal access to several different domains, creating an opportunity to launch a large-scale attack.
Top Phishing Concerns of DNS Providers
- Spear Phishing is increasing in frequency. A spear phishing attack happens when cybercriminals launch a targeted attack against specific individuals who they feel can give them access to the information, credentials or infrastructure that they need to carry out their attack. In the instance of the New York Times attack this week, a spear phishing attack was launched against employees of a reseller of Melbourne IT.
- Hacktivism is becoming part of the “new normal” when it comes to the cybersecurity landscape. In attacks such as this, the goal is not to obtain customer credentials and access account information to procure funds. Instead, the goal is exposure. As Sun Tzu states, know your enemy.
- Brand Loyalty/Customer Relationships suffer even if just one attack is successful. If a DNS provider fails to protect customer accounts from being accessed by cybercriminals, customer loyalty will be damaged and brand integrity will suffer long-term consequences.
What DNS Providers Can Do
The most important thing that DNS providers can do is focus on email.
When it comes to launching these attacks, cybercriminals almost always launch a phishing attack via email. That’s why email-based threat intelligence is so important. If you are using security intelligence appropriately, you can identify the source of a threat and even stop an attack before it happens.
Additionally, it’s important to take a look at which players in your organization have access to information that could be appealing to cybercriminals. There is another word for these employees: targets. Adjust the security level for these folks to provide additional protection against these kinds of attacks.
Share your thoughts. How can DNS providers protect themselves against phishing?